Global mobile banking malware grows 32% in 2023. „Users in Turkey were the most targeted” – Kaspersky

Financial phishing accounted for 27.32% of all phishing attacks on corporate users and 30.68% of phishing attacks on home users. Online shopping brands were the most popular lure, accounting for 41.65% of financial phishing attempts. PayPal phishing accounted for 54.78% of pages targeting electronic payment system users. PC malware – consumers remained the primary target of financial cyberthreats, accounting for 61.2% of attacks. Mobile malware – Agent was the most active mobile malware family, making up 38% of all Android attacks.

Kaspersky has released its annual Financial Threats Report for 2023, offering a detailed analysis of the evolving financial cyberthreat landscape. The report reveals significant increases in mobile banking malware and cryptocurrency-related phishing, signaling growing threats to digital financial assets.

The previous 12 months has witnessed a substantial rise in the number of users encountering mobile banking Trojans, with attacks on Android users surging by 32 percent – contrary to 2022. The most prevalent banking trojan was Bian.h, accounting for 22 percent of all Android attacks. Geographically, Afghanistan, Turkmenistan, and Tajikistan recorded the highest share of users encountering banking Trojans, with Turkey leading mobile banking malware attacks, with almost three percent of users affected (2.98%).

While the number of users affected by financial PC malware saw an 11 percent decline in 2023, Ramnit and Zbot were identified as the predominant malware families, targeting more than 50 percent of affected users. Consumers continued to be the primary target, comprising 61.2 percent of all attacks.

Financial phishing

In 2023, financial phishing remained a significant threat, accounting for 27.32 percent of all phishing attacks on corporate users and 30.68 percent on home users. E-shop brands were identified as the top lure, with 41.65 percent of financial phishing attempts. Additionally, PayPal phishing represented 54.78 percent of phishing pages targeting electronic payment system users. The report also highlighted a 16 percent year-on-year growth in cryptocurrency phishing, with 5.84 million detections in 2023 compared to 5.04 million in 2022.

Top 10 organizations mimicked by phishing and scam pages that were blocked on business users’ devices, 2023

E-shop phishing was identified as the most prevalent, recording 41.65 percent of all financial phishing pages. Amazon emerged as the most mimicked online store, accounting for 34 percent of phishing attempts, followed by Apple at 18.66 percent and Netflix at 14.71 percent.

TOP 10 online shopping brands mimicked by phishing and scam pages, 2023

Cryptocurrency-related phishing and scams continued to grow, with Kaspersky preventing 5,838,499 attempts to follow cryptocurrency-themed phishing links – a 16 percent increase on 2022. Scammers mimicked cryptocurrency exchanges and offered coins in the name of large enterprises like Apple.

Top 10 TOP 10 organizations mimicked by phishing and scam pages that were blocked on home users’ devices, 2023

Overall, among the three major financial phishing categories, online store users (41.65%) were targeted the most, followed by banks (38.47%) and payment systems (19.88%). PayPal was the most targeted payment system, with 54.73 percent of attacks.

Distribution of financial phishing pages by category, 2023

“Money has always been a magnet for cybercriminals, and a substantial portion of malware attacks are financially motivated. The surge in mobile malware witnessed last year highlights a concerning trend in cybercrime. With the emergence of new and aggressive malware strains, attackers are evolving their tactics to target mobile devices more aggressively. This underscores the imperative for individuals and businesses to maintain heightened vigilance, update protective measures, and fortify device security accordingly,” commented Igor Golovin, a security expert at Kaspersky.

To learn more about the state of financial threats in 2023, visit Securelist.com.